Trust & Certification Center
At Checkmarx, we do everything with our customers in mind. Security, data privacy, compliance, and reliability are important to you, which makes them imperative for us.
Security
Checkmarx is an extension of your software development processes and architecture. We designed Checkmarx One to meet your security standards, including data, application, network, and product security.
Audit Logging
Checkmarx logs all actions taken within our AWS environment and web applications using AWS CloudTrail. Logs are encrypted, stored in a secure and centralized location, and available for audit and compliance purposes.
Backup
Checkmarx performs daily backups of all customer data and retains backups for seven days. Data is stored in secure locations, encrypted at rest, and protected from unauthorized access.
Data Retention
Checkmarx follows data retention policies that comply with relevant data protection regulations and best practices. Client data is deleted within 7 days of receiving a formal deletion request.
Encryption at Rest
We encrypt all customer data at rest using industry standard encryption protocols, such as AES-256, to protect against unauthorized access or theft.
Encryption in Transit
Checkmarx One encrypts all communications with our service using HTTPS. Data transmitted within our service to and from Amazon S3 is encrypted using TLS 1.2.
IDS / IPS
Checkmarx implements an IDS/IPS for the Checkmarx One environment using AWS Shield, WAF rules, and DevOps Guru to identify and alert on anomalies or potential security threats.
Risk Assessment
Checkmarx proactively performs vendor risk management (VRM) assessments using Panorays, with an overall Cyber Posture Rating of 99%. Reports can be provided to customers.
WAF
All exposed AWS instances are protected with a web application firewall (WAF) to detect and block a wide range of web application attacks. WAF rules are regularly updated.
Data Privacy
Checkmarx understands the importance of data privacy for our customers. Our programs, products, and services are structured to provide effective data privacy protections for Checkmarx, its customers, partners, and employees.
Compliance & Assurance
Security is at the heart of everything we do at Checkmarx. Our customers rely on us to protect their most valuable assets. We meet and exceed the world’s most trusted standards for data protection, privacy, and secure software development.
We’re certified to the latest and most recognized global standard for information security. This reflects our structured, enterprise-grade approach to managing and protecting your data.
Checkmarx undergoes an independent SOC 2 Type II audit annually. Our report is available upon request. We also leverage the robust security posture of AWS, which holds its own SOC 2 Type II compliance.
Our privacy program aligns with the stringent requirements of GDPR. Our practices are designed to support transparency, user rights, and responsible data handling — no matter where you operate.
Security isn’t just a feature — it’s built in. We align with the NIST Secure Software Development Framework (SSDF) to integrate security at every stage of our software lifecycle.
Availability
Checkmarx ensures all its products and services are designed and delivered to meet the requirements of the Confidentiality, Integrity, and Availability (CIA) triad. This provides the assurances you need to secure your application development, without slowing you down.
Status page
Monitor the operational status and recent history for Checkmarx One services running in each of its five global regions (United States, Europe, India, Singapore, and Australia & New Zealand) on the status page.
AI for Secure Development: A Governance-Driven Approach
Checkmarx has developed a Responsible AI Framework to guide the ethical and effective use of AI across our application security solutions. Built on key principles of transparency, privacy, security, and developer empowerment, this framework ensures that our AI supports secure coding practices without introducing bias or undermining trust.
We apply strict governance measures, including ongoing audits of AI outputs, to keep our technology aligned with industry standards and regulatory requirements. Our AI-powered tools are designed to support, not replace, human decision-making, offering clear, actionable insights that developers and security teams can rely on.
By prioritizing privacy-first design and human-in-the-loop processes, Checkmarx ensures that AI strengthens the integrity and security of the software development lifecycle.
Additional Resources
Checkmarx provides customers with additional details on security, privacy, compliance, and availability programs, including certifications, compliance reports, standard security questionnaires, and security architecture.
Security Architecture
Existing customers and prospects under NDA can contact their account teams for our white paper detailing our security architecture, access control, infrastructure security and availability controls.
Talk to Checkmarx InfoSec
Our InfoSec team is responsible for ensuring the security and integrity of our Checkmarx One platform. If you want additional information about our security policies, you can contact us.
Report a Security Vulnerability
If you’re a security researcher and discover a vulnerability in a Checkmarx product or service, please submit your findings to us.